Adversarial sample generation method for face recognition system in physical domain

A technology of face recognition system and adversarial samples, which is applied in the field of adversarial sample generation for face recognition systems in the physical domain. The effect of attack success rate

Active Publication Date: 2020-04-10
CHINA-SINGAPORE INT JOINT RES INST

AI Technical Summary

Problems solved by technology

However, using a GAN to generate the glasses-shaped adversarial perturbation makes the generated adversarial samples unstable. At the same time, glasses pictures must be collected in advance to build a database for training the GAN, which is time-consu

Examples

Embodiment

[0076] This embodiment uses the PubFig face recognition database as an example to describe in detail how an adversarial sample for an impersonation attack is generated. The PubFig database consists of 200 different person IDs with a total of 58,797 pictures, an average of 300 pictures per ID. Eight IDs from the PubFig database and two person IDs from the laboratory are used to train VGGFace10, a network based on the VGG16 structure, as the attacked face recognition system. The 10 IDs are named 00 to 09. The system takes a 112×112×3 face-region image as input and outputs the ID corresponding to the face. The pictures of each ID in the PubFig database are randomly divided into a training set, a validation set and a test set in the ratio 7:2:1. The picture samples of the two laboratory person IDs come from the real samples of ID No. 2 and ID No. 61 of the SSIJRI-Face face spoofing detection database. Each ID specifically contains...

Abstract

The invention discloses an adversarial sample generation method for a face recognition system in a physical domain. According to the adversarial sample generation method, a glasses-shaped adversarial disturbance block which can be reproduced in the physical domain is generated through a generator to mislead the face recognition system; meanwhile, by consideration of the influence of different illumination and printer chromatic aberration, data enhancement is carried out through simulation of illumination changes, and the success rate of attack in the physical domain is improved by utilizing a plurality of loss function combinations. Moreover, different face recognition networks are accessed to an overall training framework, so digital domain adversarial samples for different face recognition methods can be conveniently and quickly generated, and adversarial disturbance can be physically reproduced. With the adversarial sample generation method provided by the invention, attacks on the face recognition system in the physical domain are effectively achieved; meanwhile, the problem that the system lacks enough adversarial samples in the training process is effectively solved; a large number of adversarial samples can be rapidly generated to train the network, so the reliability of the network is improved; meanwhile, the adversarial samples can be physically reproduced and have robustness to illumination changes.

Description

Technical field

[0001] The invention relates to the technical fields of computer vision and biometrics, and in particular to a method for generating an adversarial example for a face recognition system in the physical domain.

Background technique

[0002] Face recognition technology has developed vigorously in recent years. With the development of deep learning technology in particular, and with the support of sufficient training data and computing power, many face recognition systems based on deep neural networks have achieved good recognition results. However, deep learning technology is vulnerable to adversarial attacks, that is, through subtle perturbations on the input that are imperceptible to the human eye, the deep neural network can be made to output any desired classification with a high degree of confidence, which reveals the existence of deep learning systems. On the other hand, adversarial attacks can be implemented in the physical domain, that is, by creating p...

Application Information

IPC(8): G06K9/00, G06K9/62
CPC: G06V40/172, G06V40/168, G06F18/214, Y02T10/40
Inventor: 胡永健, 蔡楚鑫, 王宇飞, 刘琲贝, 葛治中, 李皓亮
Owner CHINA-SINGAPORE INT JOINT RES INST